WO2024002952A1 - Method and devices for communication between an Internet of Things device and a remote computer system - Google Patents


Info

Publication number
WO2024002952A1
Authority
WO
WIPO (PCT)
Prior art keywords
internet
update
access
things device
computer system
Prior art date
Application number
PCT/EP2023/067279
Other languages
English (en)
Inventor
Sebastian Guerrero
Peter PLÜSS
Original Assignee
Legic Identsystems Ag
Priority date
Filing date
Publication date
Application filed by Legic Identsystems Ag
Publication of WO2024002952A1

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
            • H04L 41/08 Configuration management of networks or network elements
              • H04L 41/0803 Configuration setting
                • H04L 41/0813 Configuration setting characterised by the conditions triggering a change of settings
                  • H04L 41/082 Configuration setting characterised by the conditions triggering a change of settings, the condition being updates or upgrades of network functionality
              • H04L 41/085 Retrieval of network configuration; Tracking network configuration history
                • H04L 41/0853 Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
                  • H04L 41/0856 Retrieval of network configuration; Tracking network configuration history by backing up or archiving configuration information
          • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
          • H04L 67/00 Network arrangements or protocols for supporting network services or applications
            • H04L 67/01 Protocols
              • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
                • H04L 67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP], for remote control or remote monitoring of applications
              • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
            • H04L 67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
            • H04L 67/50 Network services
              • H04L 67/53 Network services using third party service providers
        • H04W WIRELESS COMMUNICATION NETWORKS
          • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
            • H04W 12/08 Access security
              • H04W 12/088 Access security using filters or firewalls
            • H04W 12/30 Security of mobile devices; Security of mobile applications
              • H04W 12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F 8/00 Arrangements for software engineering
            • G06F 8/60 Software deployment
              • G06F 8/65 Updates

Definitions

  • The present disclosure relates to a method and devices for communicating between an Internet of Things device and a remote computer system.
  • More specifically, the present invention relates to a method, a computer system, and an Internet of Things device for communicating between the Internet of Things device and the computer system, the computer system being arranged remotely from the Internet of Things device.
  • The so-called Internet of Things or "IoT" is a network of physical devices, machines, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and electronic communication circuits, which enable these things or devices to connect and exchange data.
  • The IoT extends the Internet beyond traditional (standard) computing devices, such as desktops, laptops, smartphones, tablets and smart watches, to a whole range of traditionally non-computational and/or non-Internet-enabled physical devices and objects.
  • The IoT is proliferating to the home, the office, the streets and beyond.
  • IoT devices are configured to connect wirelessly to a network and transmit data.
  • An IoT device comprises an electronic communication circuit for close range communication, such as RFID (Radio Frequency Identification), Bluetooth, Bluetooth Low Energy (BLE), and the like, which enables data communication over up to a few meters, e.g. up to one to five meters, up to ten meters, or even up to a hundred meters.
  • RFID: Radio Frequency Identification
  • BLE: Bluetooth Low Energy
  • A large number of IoT devices, if not the majority or the typical IoT device, are not configured for wireless communication over an extended range directly and independently through a mobile radio network (cellular network), such as GSM (Global System for Mobile Communications) or UMTS (Universal Mobile Telecommunications System).
  • GSM: Global System for Mobile Communications
  • UMTS: Universal Mobile Telecommunications System
  • A digital twin is a digital representation of a real-world electronic device.
  • The digital twin is configured such that it digitally mirrors at least some aspects of the real-world device.
  • Digital twins are used, for example, to maintain an inventory of deployed or installed devices, or to model and predict device behaviour (in particular for maintenance or reliability assessments).
  • EP3637736A1 discloses a method and device for communicating between an IoT device and a remote computer system, in particular one in which a download data message is transmitted from a remote computer system to a mobile communication device, which then forwards the download data message to the IoT device.
  • In that method the download data message is forwarded to the IoT device in its entirety, which may be disadvantageous in situations where the IoT device requires only a subset of the data included in the download data message.
  • For example, the IoT device may require a change only of those access rights which have been updated with respect to an earlier set of access rights.
  • The above-mentioned objects are achieved by a method of communicating between an IoT device and a remote computer system, the method comprising storing in the remote computer system a digital twin of the IoT device.
  • The digital twin is either linked to a unique identifier of the IoT device, or itself identifies the IoT device uniquely, for example by comprising the unique identifier.
  • The digital twin comprises a current set of access rights for the IoT device and configuration data including an address of a mobile communication device as a communication relay address.
  • The method comprises generating in the remote computer system, for the IoT device, an update data package.
  • The update data package is divided into a plurality of update package parts, each update package part including a subset of the current set of access rights and update metadata for the update package part.
  • The method comprises transmitting the update data package for the IoT device, via a mobile radio communication network, from the remote computer system to the mobile communication device, using the communication relay address linked to the unique identifier of the IoT device.
  • The method comprises receiving, in the IoT device, the update metadata for each of the update package parts.
  • The update metadata is received from the mobile communication device via close range communication.
  • The method comprises identifying, in the IoT device, one or more required update package parts, using the update metadata received from the mobile communication device and stored metadata relating to one or more sets of access rights stored in a memory of the IoT device.
  • The method comprises transmitting, from the IoT device to the mobile communication device, via the close range communication, a request message indicating the one or more required update package parts.
  • The method comprises receiving, in the IoT device from the mobile communication device, via the close range communication, the one or more required update package parts of the update data package as indicated in the request message.
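The exchange described in the preceding steps (server builds a partitioned update package, the phone buffers it and announces only metadata, the device requests and receives only the parts it lacks), as an added Go example. It is not code from the patent or from any Legic product. The wire format is an assumption, since the document does not specify one: each part is identified by a part id, a version counter and a SHA-256 digest of its payload, and the access rights are encoded one per line. Rights are split per customer here; a firmware or memory-configuration part would use the same part/metadata scheme. Two checks beyond the document's text are included and labelled as assumptions: the device never requests a part announcing a lower version than the one it stores, and it refuses a payload whose digest does not match the announced metadata.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AccessRight carries the fields the document names for a keyed access right;
// the "|"-separated line encoding used below is an assumption of this example.
type AccessRight struct {
	TerminalID string
	Key        []byte
	TimeScheme string
}

// PartMeta is the update metadata announced for one update package part.
type PartMeta struct {
	PartID  string // e.g. "rights/A"; "firmware" or "memory-config" fit the same scheme
	Version uint32 // bumped on every change of the part (assumption of this example)
	Digest  string // hex SHA-256 over the part payload
}

// UpdatePart is one part of the update data package; the package is keyed by part id.
type UpdatePart struct {
	Meta    PartMeta
	Payload []byte
}
type UpdatePackage map[string]UpdatePart

// DigitalTwin is the remote computer system's record of one IoT device.
type DigitalTwin struct {
	DeviceID, RelayAddress string                   // relay address = the mobile device's address
	Rights                 map[string][]AccessRight // subset of the current rights per part id
	Versions               map[string]uint32
}

func digest(p []byte) string { s := sha256.Sum256(p); return hex.EncodeToString(s[:]) }

// BuildUpdatePackage is the server step: each part carries a subset of the
// current rights plus its own metadata. The whole map is what the relay buffers.
func BuildUpdatePackage(tw DigitalTwin) UpdatePackage {
	pkg := UpdatePackage{}
	for id, rs := range tw.Rights {
		payload := ""
		for _, r := range rs {
			payload += r.TerminalID + "|" + hex.EncodeToString(r.Key) + "|" + r.TimeScheme + "\n"
		}
		meta := PartMeta{PartID: id, Version: tw.Versions[id], Digest: digest([]byte(payload))}
		pkg[id] = UpdatePart{Meta: meta, Payload: []byte(payload)}
	}
	return pkg
}

// Metadata is what the relay pushes over close range communication first: metadata only.
func (pkg UpdatePackage) Metadata() []PartMeta {
	var metas []PartMeta
	for _, p := range pkg {
		metas = append(metas, p.Meta)
	}
	return metas
}

// Device is the IoT device's memory: the parts (metadata plus rights) it currently holds.
type Device map[string]UpdatePart

// RequiredParts compares announced with stored metadata: request a part only if it is
// unknown or its digest changed, never if it announces an older version (anti-rollback, an assumption added here).
func (d Device) RequiredParts(metas []PartMeta) []string {
	var req []string
	for _, m := range metas {
		have, known := d[m.PartID]
		if !known || (m.Version >= have.Meta.Version && have.Meta.Digest != m.Digest) {
			req = append(req, m.PartID)
		}
	}
	return req
}

// Apply stores received parts, refusing any payload that does not match the
// digest it was announced with, so the relay cannot substitute payloads.
func (d Device) Apply(parts []UpdatePart) error {
	for _, p := range parts {
		if digest(p.Payload) != p.Meta.Digest {
			return fmt.Errorf("part %q: payload does not match announced digest", p.Meta.PartID)
		}
		d[p.Meta.PartID] = p
	}
	return nil
}

// SyncDevice runs one server -> relay -> device exchange and returns the part
// ids the device put in its request message.
func SyncDevice(tw DigitalTwin, d Device) ([]string, error) {
	pkg := BuildUpdatePackage(tw) // transmitted to the relay address, buffered on the phone
	req := d.RequiredParts(pkg.Metadata())
	var parts []UpdatePart
	for _, id := range req {
		parts = append(parts, pkg[id]) // the relay serves only the requested parts
	}
	return req, d.Apply(parts)
}
```

Run twice against a twin whose customer B rights changed in between and only the "rights/B" part is requested the second time. Neither check above authenticates the metadata itself: because the mobile communication device is only a relay, a deployment would additionally need the update data package signed by, or delivered over an authenticated channel from, the remote computer system, which the document does not describe.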
  • The current set of access rights authorizes access, for the IoT device, to one or more access control terminals.
  • In one embodiment, a particular access right of the current set of access rights relates to a particular access control terminal and comprises an access control terminal identifier, an access control terminal cryptographic key, and/or an access time scheme.
  • In this embodiment, access is authorized as follows.
  • The method comprises receiving, in the IoT device, from the particular access control terminal via short range communication, the access control terminal identifier.
  • The method comprises verifying, in the IoT device, access authorization using the particular access right and the received access control terminal identifier.
  • The method comprises generating, in the IoT device, using the particular access right, an access authorization message.
  • The method comprises transmitting, from the IoT device to the access control terminal via short range communication, the access authorization message.
  • In another embodiment, the current set of access rights likewise authorizes access, for the IoT device, to one or more access control terminals.
  • In this embodiment, a particular access right of the current set of access rights relates to a particular access control terminal and comprises an encrypted access payload.
  • Access is then authorized as follows.
  • The method comprises transmitting, from the IoT device to the access control terminal via short range communication, the encrypted access payload.
  • The method comprises verifying, in the access control terminal, the encrypted access payload.
  • The method comprises authorizing, in the access control terminal, access for the IoT device.
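The first form of access authorization (terminal identifier, terminal cryptographic key and access time scheme held by the IoT device), as an added Go example that is not part of the patent. The document does not say how the access authorization message is built; this example assumes an HMAC-SHA256 over the terminal identifier, a terminal-chosen challenge and the device identifier, keyed with the terminal key from the access right, and assumes one concrete shape for the access time scheme (allowed hours on allowed weekdays). The challenge is not in the document; without it an access authorization message captured over short range communication could be replayed at the same terminal.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"time"
)

// TimeScheme is one possible shape of the access time scheme (an assumption):
// allowed hours [FromHour, ToHour) on the given weekdays (index 0 = Sunday).
type TimeScheme struct {
	FromHour, ToHour int
	Weekdays         [7]bool
}

func (s TimeScheme) Allows(t time.Time) bool {
	return s.Weekdays[t.Weekday()] && t.Hour() >= s.FromHour && t.Hour() < s.ToHour
}

// KeyedRight is the access right of this form: terminal identifier, terminal
// cryptographic key and access time scheme, all held by the IoT device.
type KeyedRight struct {
	TerminalID string
	Key        []byte
	Scheme     TimeScheme
}

// AuthMessage is the access authorization message; its layout is an assumption.
type AuthMessage struct {
	DeviceID string
	Tag      []byte
}

func authTag(key []byte, terminalID string, challenge []byte, deviceID string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(terminalID))
	m.Write(challenge)
	m.Write([]byte(deviceID))
	return m.Sum(nil)
}

// Authorize is the IoT device side: look up the right for the received terminal
// identifier, check the time scheme, then prove possession of the terminal key.
// The challenge is an addition of this example so that a captured authorization
// message cannot be replayed at the same terminal.
func Authorize(deviceID string, rights map[string]KeyedRight, terminalID string, challenge []byte, now time.Time) (AuthMessage, error) {
	r, ok := rights[terminalID]
	if !ok {
		return AuthMessage{}, errors.New("no access right for this terminal")
	}
	if !r.Scheme.Allows(now) {
		return AuthMessage{}, errors.New("outside the access time scheme")
	}
	return AuthMessage{DeviceID: deviceID, Tag: authTag(r.Key, terminalID, challenge, deviceID)}, nil
}

// VerifyAuth is the access control terminal side: recompute the tag with the
// terminal's own key and compare in constant time.
func VerifyAuth(terminalID string, terminalKey, challenge []byte, msg AuthMessage) bool {
	return hmac.Equal(authTag(terminalKey, terminalID, challenge, msg.DeviceID), msg.Tag)
}
```

Because the terminal identifier is part of the MAC input, a message generated for one terminal fails verification at another even if both terminals happen to share a key; because the time scheme is evaluated on the device, this form depends on the device's clock being correct (see the clock update below in the method).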
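The second form (encrypted access payload), as an added Go example that is not part of the patent. Here the remote computer system seals the payload with the terminal's key when it builds the update package, so the IoT device only forwards an opaque blob and never holds the terminal key, and the access control terminal verifies and decrypts it. AES-256-GCM, the binding of the terminal identifier as associated data, and the plaintext layout (device identifier, NUL byte, expiry time) are all assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"time"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealPayload is run by the remote computer system when it builds the update
// package: the terminal key never reaches the IoT device, which only forwards
// the sealed payload. The terminal id is bound as associated data, so a payload
// made for one terminal is rejected by every other terminal. Plaintext layout
// (an assumption): device id, NUL, 8-byte big-endian Unix expiry time.
func SealPayload(terminalKey []byte, terminalID, deviceID string, expires time.Time) ([]byte, error) {
	gcm, err := newGCM(terminalKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain := make([]byte, len(deviceID)+1+8)
	copy(plain, deviceID)
	binary.BigEndian.PutUint64(plain[len(deviceID)+1:], uint64(expires.Unix()))
	return gcm.Seal(nonce, nonce, plain, []byte(terminalID)), nil // nonce || ciphertext || tag
}

// OpenPayload is the access control terminal side: authenticate and decrypt
// the forwarded payload, then check that it has not expired. It returns the
// device id the payload was issued for.
func OpenPayload(terminalKey []byte, terminalID string, payload []byte, now time.Time) (string, error) {
	gcm, err := newGCM(terminalKey)
	if err != nil {
		return "", err
	}
	ns := gcm.NonceSize()
	if len(payload) < ns {
		return "", errors.New("payload too short")
	}
	plain, err := gcm.Open(nil, payload[:ns], payload[ns:], []byte(terminalID))
	if err != nil {
		return "", errors.New("payload rejected: wrong terminal, wrong key or tampered")
	}
	i := bytes.IndexByte(plain, 0)
	if i < 0 || len(plain) != i+1+8 {
		return "", errors.New("malformed payload")
	}
	if !now.Before(time.Unix(int64(binary.BigEndian.Uint64(plain[i+1:])), 0)) {
		return "", errors.New("payload expired")
	}
	return string(plain[:i]), nil
}
```

In this form the expiry inside the payload is evaluated on the terminal's clock, not the device's, which is why an expiry is embedded rather than relying on the time scheme of the first form; a terminal that is itself offline still needs a correct clock for that check.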
  • The method further comprises storing, in the remote computer system, the configuration data of the digital twin, the configuration data further including a memory configuration characteristic, the memory configuration characteristic including a memory allocation of a plurality of memory partitions.
  • The method comprises generating the update data package to include, in a memory update package part of the plurality of update package parts, the memory configuration characteristic and metadata for the memory update package part.
  • The method comprises receiving, in the IoT device from the mobile communication device, via the close range communication, the memory update package part including the memory configuration characteristic.
  • The method comprises storing, in the remote computer system, the configuration data of the digital twin including a current firmware indicator.
  • The method comprises generating the update data package to include, in a firmware update package part of the plurality of update package parts, a current firmware according to the current firmware indicator and metadata for the firmware update package part.
  • The method comprises receiving, in the IoT device from the mobile communication device, via the close range communication, the firmware update package part including the current firmware.
  • The method further comprises transmitting, via close range communication, an upload status message for the remote computer system from the IoT device to a mobile communication device.
  • The mobile communication device is within the close range of the IoT device during this transmission.
  • The upload status message is transmitted to the mobile communication device for forwarding to the remote computer system via the mobile radio communication network.
  • The upload status message includes a unique identifier of the IoT device.
  • The method comprises receiving, in the remote computer system, the upload status message from the IoT device, as forwarded by the mobile communication device via the mobile radio communication network.
  • The method comprises storing, in the remote computer system, the unique identifier linked to the digital twin of the IoT device.
  • The method further comprises storing, in the remote computer system, the configuration data of the digital twin including the address of the mobile communication device as the communication relay address.
  • The method further comprises transmitting, from the IoT device, a clock update request for the remote computer system, to the mobile communication device via close range communication.
  • The method comprises receiving, in the remote computer system, the clock update request from the IoT device, as forwarded by the mobile communication device via the mobile radio communication network.
  • The method comprises transmitting, via the mobile radio communication network, a clock update instruction including a current time-stamp for the IoT device, from the remote computer system to the mobile communication device, using the communication relay address linked to the unique identifier of the IoT device.
  • The method comprises receiving, in the IoT device, the clock update instruction from the mobile communication device via close range communication.
  • The method comprises reconfiguring a clock of the IoT device according to the current time-stamp, provided that the time difference between transmitting the clock update request and receiving the clock update instruction does not exceed a pre-defined timeout.
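The clock update with timeout, as an added Go example that is not part of the patent. The timeout matters because access time schemes are evaluated against the device's clock: a mobile communication device that buffers the clock update instruction for hours, or replays an old one, would otherwise set the clock to a stale time. The example assumes a nonce to match each instruction to the request that caused it and a free-running local uptime counter for measuring the round trip; both are additions, the document specifies only the time-stamp and the timeout.

```go
package main

import (
	"errors"
	"time"
)

// ClockRequest and ClockInstruction are assumed message shapes; the document
// only specifies that the instruction carries a current time-stamp. The nonce
// is added so an instruction can be matched to the request that caused it.
type ClockRequest struct {
	DeviceID string
	Nonce    uint64
}

type ClockInstruction struct {
	Nonce     uint64
	Timestamp time.Time
}

// DeviceClock is the IoT device's view of time. Wall is the clock the access
// time schemes are evaluated against; the uptime values passed in below come
// from a free-running local counter (e.g. an RTC tick count) that the device
// trusts to measure the round trip independently of Wall.
type DeviceClock struct {
	Wall      time.Time
	Timeout   time.Duration
	nextNonce uint64
	pending   *pendingRequest
}

type pendingRequest struct {
	nonce  uint64
	uptime time.Duration // local uptime when the request left the device
}

// SendRequest builds the clock update request and remembers when it was sent.
func (c *DeviceClock) SendRequest(deviceID string, uptime time.Duration) ClockRequest {
	c.nextNonce++
	c.pending = &pendingRequest{nonce: c.nextNonce, uptime: uptime}
	return ClockRequest{DeviceID: deviceID, Nonce: c.nextNonce}
}

// ServerAnswer is the remote computer system's step: it answers with its
// current time, addressed to the relay linked to the device (not modelled).
func ServerAnswer(req ClockRequest, serverNow time.Time) ClockInstruction {
	return ClockInstruction{Nonce: req.Nonce, Timestamp: serverNow}
}

// ApplyInstruction reconfigures the clock only if the instruction answers the
// outstanding request and arrived within the timeout measured on the local
// counter. A phone that held the instruction for hours, or replays an old one,
// therefore cannot move the device's clock.
func (c *DeviceClock) ApplyInstruction(ins ClockInstruction, uptime time.Duration) error {
	p := c.pending
	if p == nil || ins.Nonce != p.nonce {
		return errors.New("clock instruction does not answer an outstanding request")
	}
	c.pending = nil // one instruction per request
	elapsed := uptime - p.uptime
	if elapsed < 0 || elapsed > c.Timeout {
		return errors.New("clock instruction arrived after the timeout; clock unchanged")
	}
	c.Wall = ins.Timestamp
	return nil
}
```

The round trip is measured on the local counter rather than on Wall on purpose: Wall is exactly the value under dispute, so it cannot be used to judge whether the correction is fresh.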
  • The present disclosure also relates to a remote computer system for communicating with an IoT device, the computer system comprising a communication module configured to exchange data with a mobile communication device via a mobile radio communication network.
  • The computer system further comprises a memory configured to store a digital twin of the IoT device linked to a unique identifier of the IoT device, the digital twin comprising a current set of access rights for the IoT device and configuration data including an address of a mobile communication device as a communication relay address.
  • The computer system comprises a processor configured to generate, for the IoT device, an update data package divided into a plurality of update package parts, each update package part including a subset of the current set of access rights and update metadata for the update package part.
  • The processor is further configured to transmit, via the mobile radio communication network, the update data package for the IoT device to the communication relay address linked to the unique identifier of the IoT device.
  • The update data package is transmitted for forwarding, by the mobile communication device, via close range communication, of one or more required update package parts to the IoT device.
  • The required update package parts are indicated by a request message received by the mobile communication device from the IoT device.
  • The processor is further configured to extract, from an upload status message from the IoT device, as received by the mobile communication device from the IoT device via a close range communication circuit and forwarded by the mobile communication device via the mobile radio communication network to the computer system, the unique identifier of the IoT device linked to the digital twin.
  • The processor is configured to store in the memory of the remote computer system an address of the mobile communication device, as a communication relay address, as part of the configuration data of the digital twin of the IoT device.
  • The processor is further configured to receive a clock update request from the IoT device, as received by the mobile communication device from the IoT device via a close range communication circuit and forwarded by the mobile communication device via the mobile radio communication network to the computer system.
  • The processor is configured to generate a clock update instruction including a current time-stamp for the IoT device.
  • The processor is configured to transmit, via the mobile radio communication network, the clock update instruction for the IoT device to the communication relay address linked to the unique identifier of the IoT device, for forwarding by the mobile communication device via the close range communication circuit to the IoT device.
  • The current set of access rights authorizes access, for the IoT device, to one or more access control terminals, one or more access rights of the current set of access rights relating to a particular access control terminal and comprising an access control terminal identifier, an access control terminal cryptographic key, and/or an access time scheme.
  • Alternatively or additionally, the current set of access rights authorizes access, for the IoT device, to one or more access control terminals, one or more access rights of the current set of access rights relating to a particular access control terminal and comprising an encrypted access payload.
  • The configuration data of the digital twin further includes a memory configuration characteristic including a memory allocation of a plurality of memory partitions.
  • The processor is configured to generate the update data package to include, in a memory update package part of the plurality of update package parts, the memory configuration characteristic and metadata for the memory update package part.
  • The configuration data of the digital twin further includes a current firmware indicator.
  • The processor is configured to generate the update data package to include, in a firmware update package part of the plurality of update package parts, a current firmware according to the current firmware indicator and metadata for the firmware update package part.
  • The present disclosure also relates to an IoT device.
  • The IoT device comprises an electronic communication circuit for close range communication, a processor connected to the electronic communication circuit, and a memory.
  • The processor is configured to receive, from a remote computer system via a mobile communication device, update metadata relating to each of a plurality of update package parts of an update data package received by the mobile communication device.
  • The processor is configured to identify one or more required update package parts, using the update metadata received from the mobile communication device and stored metadata relating to one or more sets of access rights stored in the memory of the IoT device.
  • The processor is configured to transmit, from the IoT device to the mobile communication device, via the close range communication, a request message indicating the one or more required update package parts.
  • The processor is configured to receive, in the IoT device from the mobile communication device, via the close range communication, the one or more required update package parts of the update data package as indicated in the request message.
  • The IoT device acquires the current set of access rights using the received required update package parts of the update data package, the current set of access rights authorizing access, for the IoT device, to one or more access control terminals.
  • In one embodiment, a particular access right of the current set of access rights relates to a particular access control terminal and comprises an access control terminal identifier, an access control terminal cryptographic key, and/or an access time scheme.
  • The processor is configured to receive, using the electronic communication circuit, from the particular access control terminal via short range communication, the access control terminal identifier.
  • The processor is configured to verify access authorization using the particular access right and the received access control terminal identifier.
  • The processor is configured to generate, using the particular access right, an access authorization message.
  • The processor is configured to transmit, using the electronic communication circuit, to the access control terminal via short range communication, the access authorization message.
  • In another embodiment, a particular access right of the current set of access rights relates to a particular access control terminal and comprises an encrypted access payload.
  • The processor is then configured to transmit to the access control terminal, using the electronic communication circuit, the encrypted access payload.
  • The IoT device is further configured to receive, using the electronic communication circuit, from the mobile communication device, metadata for a memory update package part.
  • The processor is configured to identify, using a memory configuration characteristic stored in the memory and the metadata, whether the memory update package part is required.
  • The processor is configured to receive, using the electronic communication circuit, from the mobile communication device, the memory update package part if the memory update package part is required.
  • The IoT device is further configured to receive, using the electronic communication circuit, from the mobile communication device, metadata for a firmware update package part.
  • The processor is configured to identify, using a firmware indicator stored in the memory and the metadata, whether the firmware update package part is required.
  • The processor is configured to receive, using the electronic communication circuit, from the mobile communication device, the firmware update package part if the firmware update package part is required.
  • The processor is further configured to generate an upload status message including a unique identifier of the IoT device.
  • The processor is configured to transmit, using the electronic communication circuit, the upload status message for the remote computer system from the IoT device to the mobile communication device, the mobile communication device being within the close range of the IoT device, for forwarding to the remote computer system via a mobile radio communication network.
  • The processor is further configured to transmit, using the electronic communication circuit, a clock update request for the remote computer system to the mobile communication device via close range communication.
  • The processor is configured to receive, using the electronic communication circuit, from the remote computer system via the mobile communication device, a clock update instruction including a current time-stamp for the IoT device.
  • The processor is configured to reconfigure a clock of the IoT device according to the current time-stamp, provided that the time difference between transmitting the clock update request and receiving the clock update instruction does not exceed a pre-defined timeout.
  • Figure 1 shows a block diagram schematically illustrating a mobile communication device which acts as a relay device between a remote computer system and an IoT device;
  • Figure 2 shows a block diagram schematically illustrating an IoT device connected to an access control terminal;
  • Figure 3 shows a block diagram schematically illustrating a remote computer system;
  • Figure 4 shows a block diagram schematically illustrating an update data package;
  • Figure 5 shows a block diagram schematically illustrating a mobile communication device;
  • Figure 6 shows a block diagram schematically illustrating an IoT device;
  • Figure 7 shows a block diagram schematically illustrating an IoT device, in particular an IoT device having a partitioned memory;
  • Figure 8 shows a timing diagram illustrating a number of steps performed by the remote computer system, the mobile communication device, and the IoT device, for transmitting an update data package from the remote computer system to the IoT device;
  • Figure 9 shows a timing diagram illustrating a number of steps performed by the IoT device and an access control device for access control;
  • Figure 10 shows a timing diagram illustrating a number of steps performed by the IoT device and an access control terminal for access control;
  • Figure 11 shows a timing diagram illustrating a number of steps performed by the remote computer system, the mobile communication device, and the IoT device, for transmitting a status message from the IoT device to the remote computer system;
  • Figure 12 shows a timing diagram illustrating a number of steps performed by the remote computer system, the mobile communication device, and the IoT device, for updating a clock of the IoT device.
  • FIG. 1 shows a block diagram illustrating schematically an Internet of Things (loT) device 1.
  • the loT device 1 is within a short communicative range of a mobile communication device 2.
  • the mobile communication device 2 is connected to a remote computer system 3 via a communication network 8.
  • One or more customer back-end systems 4A, 4B are also connected to the remote computer system 3 via the communication network 8. Each customer back-end system 4A, 4B is accessible using a customer client computer 5A, 5B, respectively, which is connected to the respective back-end system 4A, 4B.
  • the customers A, B are persons or entities which set, update, control, or otherwise administer access rights for the loT device 1 , in particular for a user in possession of the loT device 1.
  • Each of the customers A, B administer different access rights for a single loT device 1 .
  • a first customer A may administer access rights for an office building, while a second customer B may administer access rights for an apartment complex.
  • the remote computer system 3 is connected to the customer back-end systems 4A, 4B and is configured to provide a centralized trusted service for configuring the loT device 1 with the access rights set by the customers A, B, in particular by generating and providing an update data package to the loT device 1 , the update data package including the access rights as described herein.
  • the loT device 1 comprises a processor 10, an electronic communication circuit 11 connector to the processor 10 and a memory 12 connected to the processor 10.
  • the processor 10 comprises one or more electronic chips, for example one or more integrated circuits, microcontrollers, microprocessors, application specific circuits (ASICs), or the like.
  • ASICs application specific circuits
  • the memory 12 comprises volatile (non-persistent) and/or non-volatile (persistent) memory modules.
  • the memory 12 is implemented using solid state memory (e.g. flash memory).
  • the memory 12 is configured to store firmware, an operating system, and/or additional data relating to the firmware and/or operating system, such as application data, software libraries, log data, etc. Additionally, the memory 12 is configured to store access rights.
  • Each access right is configured to provide access at an access control terminal 6 (described in more detail with reference to Figure 2) and includes, for example, an access control terminal identifier, an access control terminal cryptographic key, and/or an access time scheme. Additionally or alternatively, an access right includes an encrypted access payload.
  • the processor 10 is configured to execute out one or more steps and/or functions as described herein.
  • the processor 10 is configured to execute one or more steps and/or functions as stored in the memory 12.
  • the steps and/or functions are stored, for example, in the memory 12 as program code (e.g., as part of the firmware, the operating system, and/or the software libraries). Other steps and/or functions may be carried out by specifically arranged circuitry in the processor 10.
  • the processor 10 and the memory 12 are integrated into a single electronic chip, for example in the form of a System on a Chip (SoC).
  • SoC System on a Chip
  • the memory 12 is configured in a particular manner. Specifically, the memory 12 is partitioned into a plurality of memory partitions, as is described in more detail with reference to Figure 7.
  • the loT device 1 comprises a secure element.
  • the secure element is a hardware module that is either integrated into, or separate and connected to, the processor 10.
  • the secure element is implemented using a universal integrated circuit card (IIICC) and/or using an embedded secure element (eSE).
  • IIICC universal integrated circuit card
  • eSE embedded secure element
  • the secure element is configured, for example, to securely store one or more cryptographic keys.
  • the IoT device 1 is a mobile, portable device, implemented as a self-contained unit arranged in a housing, e.g. a dongle, a key fob, a tag, or the like, or a device arranged in another mobile or stationary physical device, e.g. a machine, a vehicle, a home appliance, and other items embedded with electronics, software, sensors, and/or actuators.
  • the IoT device 1 is powered by a battery included in the IoT device 1, by a power supply of the physical device having the IoT device 1 integrated therein, or by the mobile communication device 2 through induction.
  • the electronic communication circuit 11 is configured for close range communication R with a stationary or mobile communication device 2 within the close range of the IoT device 1.
  • the electronic communication circuit 11 comprises an RFID (Radio Frequency Identification), NFC (Near Field Communication), Bluetooth, or BLE (Bluetooth Low Energy) circuit, a UWB (ultra wide-band) circuit, or another circuit for wireless data communication over a close range, such as up to a few meters, e.g. up to one to five meters, up to ten meters, or even up to a hundred meters.
  • the IoT device 1 is portable and typically does not have any means for long range wireless communication.
  • the IoT device 1 is not permanently connected to the communication network 8. Therefore, the remote computer system 3 relies on the mobile communication device 2 to act as a relay device for relaying data between the remote computer system 3 and the IoT device 1.
  • the mobile communication device 2, for example a mobile phone, must be brought into close range of the IoT device 1 such that communication takes place between the IoT device 1 and the mobile communication device 2.
  • it is not necessary that the mobile communication device 2 is simultaneously connected to both the remote computer system 3 and the IoT device 1.
  • the mobile communication device 2 can, during a first time period, be connected to the remote computer system 3 but not to the IoT device 1, during which time period data is transmitted from the remote computer system 3 and buffered (i.e. temporarily stored) on the mobile communication device 2.
  • during a second time period, the mobile communication device 2 is connected to the IoT device 1 but not to the remote computer system 3.
  • at least some of the buffered data is transmitted from the mobile communication device 2 to the IoT device 1.
  • the same can apply in reverse, i.e. for data transmitted from the IoT device 1 to the remote computer system 3 via the mobile communication device 2.
  • the mobile communication device 2 is implemented as a mobile radio telephone (cellular phone), a laptop computer, a tablet computer, a smart watch, or another mobile electronic device configured for wireless communication via close range communication R and via a communication network 8, specifically via a mobile radio network.
  • the mobile communication device 2 comprises an electronic communication circuit 21 for close range communication, compatible with the electronic communication circuit 11 of the IoT device 1, and a communication module 23 for communicating via a wireless communication network 8, as illustrated in Figure 1.
  • the communication network 8 comprises a mobile radio network such as a GSM (Global System for Mobile Communication) network, a UMTS (Universal Mobile Telephone System) network, and/or another cellular radio communication network.
  • the mobile communication device 2 further comprises a processor 20 and a memory 22 having stored therein program code configured to control the processor 20.
  • the communication network 8 further comprises the Internet and a LAN (Local Area Network) and WLAN (Wireless LAN) for accessing the Internet.
  • the remote computer system 3 comprises one or more computers with one or more processors 30 and a communication module 32 configured to communicate via the communication network 8 with the mobile communication device 2 and the customer back-end systems 4A, 4B associated with the remote computer system 3.
  • the processors 30 are configured to execute one or more steps and/or functions as described herein.
  • the remote computer system 3 is configured as a trusted service provider for the customer back-end systems 4A, 4B and associated IoT devices 1.
  • the remote computer system 3 further comprises a memory 31 for storing data related to the IoT device 1, as is explained below in more detail with reference to Figure 3.
  • the remote computer system 3 is arranged remotely from the IoT device 1 and the mobile communication device 2, for example in a cloud-based computing center.
  • the customer back-end systems 4A, 4B each comprise one or more computers with one or more processors 40 and a communication module configured to communicate via the communication network 8 with the remote computer system 3 associated with the customer back-end system 4A, 4B.
  • the computer system 3 and the customer back-end system 4A, 4B are configured in one common computer center, e.g. as a cloud-based computing center.
  • the customer back-end systems 4A, 4B are each connected to a customer client computer 5A, 5B which is used by the customers A, B to access the customer back-end systems 4A, 4B, in particular for configuring the access rights administered by the respective customer A, B.
  • Figure 2 shows an embodiment where the IoT device 1 is configured to exchange data with an access control terminal 6.
  • data is exchanged using wireless short range communication R; however, in an embodiment, a wired connection is used.
  • the IoT device 1 is associated with a user, for example.
  • the IoT device 1 is associated with an item in the user's possession or control, for example a vehicle.
  • the access rights stored on the IoT device 1 enable access for the user to one or more access controlled environments.
  • the access controlled environments include, for example, a physical environment, such as a stationary facility or part of a facility (e.g., an airport, office building, parking garage, warehouse, private house, room), or a portable facility (such as a vehicle).
  • the access controlled environments may also comprise cyber environments, such as computer based resources, services, systems, servers, or the like. Access control is performed in conjunction with the access control terminal 6, using access rights 13 stored in the memory 12 of the IoT device 1.
  • the access control terminal 6 is typically implemented as a fixedly installed device at or near a boundary or gateway to the access controlled environment.
  • the access control terminal 6 may be battery powered and/or be connected to a permanent supply of electricity, e.g. via a mains connection.
  • the access control terminal 6 may also be powered passively, e.g. using induction, particularly from the IoT device 1.
  • the access control terminal 6 comprises an electronic circuit 60 and an electronic communication circuit 61.
  • the electronic circuit 60 is connected to the electronic communication circuit 61.
  • the electronic circuit 60 comprises, for example, a processing unit and a memory and is configured to perform one or more steps and/or functions as described herein, in particular in conjunction with the electronic communication circuit 61.
  • the electronic communication circuit 61 comprises an RFID (Radio Frequency Identification), Near Field Communication (NFC), Bluetooth, or BLE (Bluetooth Low Energy) circuit, ultra wide-band (UWB), or another circuit for wireless data communication over a close range, such as up to a few meters, e.g. up to one to five meters, up to ten meters, or even up to hundred meters.
  • the access control terminal 6 includes further components, depending on the embodiment, for example an antenna connected to the electronic communication circuit 61, and/or a status indicator, the status indicator being configured to indicate whether access was authorized or not.
  • the access control terminal 6 further comprises a proximity sensor configured to detect the IoT device 1 within close proximity of the access control terminal 6.
  • the access control terminal 6 is connected to, or comprises, an actuator configured to provide or enable access for the user to the access controlled environment.
  • the actuator is connected to a door or gateway which is unlocked and/or opened by the actuator.
  • the access control terminal 6 is connected to a computer system and configured to transmit to the computer system a message indicating whether access was authorized or denied.
  • reference numeral 33 refers to a digital twin of the IoT device 1 stored in the memory 31 of the remote computer system 3.
  • the digital twin 33 is a digital object associated with the IoT device 1.
  • the digital twin 33 reflects one or more properties of the IoT device 1.
  • the digital twin 33 stores a current set of access rights of the IoT device 1, such that administrators of the remote computer system 3 have a complete record of the current set of access rights.
  • the digital twin 33 represents, at least partially, an intended state of the IoT device 1, in particular of the memory 12 of the IoT device 1.
  • the digital twin 33 represents a complete intended state of the memory 12 of the IoT device 1. This allows, for example, the IoT device 1 to be quickly replaced, should the IoT device 1 malfunction, break, or be lost. This is because, using the digital twin 33, a new IoT device 1 can be programmed such that its memory 12 is identical with that of the old, and now defunct, IoT device 1. In other words, the digital twin 33 allows for a complete reconstruction of the memory state of the memory 12 of the IoT device 1. Additionally, this allows for updating IoT devices 1 in the field from a state which is out-of-date relative to a currently desired state as reflected in the digital twin 33.
  • the digital twin 33 is first updated according to the updated access rights A1, A2, A3, B4.
  • the IoT device 1 still has the "old" access rights and must be updated according to the method described herein, such that the access rights on the IoT device 1 reflect the updated "new" access rights A1, A2, A3, B4.
  • a firmware update or a memory reconfiguration is first reflected in an updated digital twin 33, leaving the IoT device 1 itself to be updated, also according to the method described herein.
  • the reference to 'current' is being made from the perspective of the digital twin 33.
  • the aforementioned 'current' access rights A1, A2, A3, B4 may, for example, also be considered to be 'new' access rights A1, A2, A3, B4 with respect to 'old' access rights A1, A2, A3, B4 currently installed on the IoT device 1.
  • the 'old' access rights A1, A2, A3, B4 installed on the IoT device 1 are updated with the current access rights A1, A2, A3, B4.
  • the digital twin 33 also stores log data 3314 which includes log events received from the IoT device 1.
  • the log events reflect, for example, status changes in the IoT device 1, exceptions, and/or access control events.
  • the log data 3314 also includes log events related to changes in the access rights A1, A2, A3, B4.
  • the plurality of access rights A1, A2, A3, B4 are divided into groups. In the example described with reference to Figure 3, the access rights A1, A2, A3, B4 are stored in a plurality of files FA1, FA2, FB3; however, other arrangements, data structures, and/or groupings are also possible.
  • each file FA1, FA2, FB3 corresponds to a particular access control environment, each file FA1, FA2, FB3 containing access rights A1, A2, A3, B4 for the IoT device 1 for that particular access control environment.
  • if the access control environment is an office building, for example, then each access right A1, A2, A3, B4 is assigned to a particular door which the IoT device 1, more precisely the user carrying the IoT device 1, has been authorized to access.
  • the IoT device 1 therefore comprises, depending on the embodiment, access rights A1, A2, A3, B4 for different access control environments, stored in separate files FA1, FA2, FB3.
  • the access control environments are managed by different entities, designated as customers A, B. Each customer A, B may set access rights A1, A2, A3, B4 for the IoT device 1 to one or more access control environments.
  • customer A administers two access control environments and therefore customer A has two files FA1, FA2 storing access rights.
  • in a first file FA1 associated with a first access control environment, there is stored a first access right A1 and a second access right A2.
  • Each of the two access rights A1, A2 is associated with a particular access control terminal 6 of the first access control environment.
  • in a second file FA2 associated with a second access control environment, there is stored an access right A3 which is associated with a particular access control terminal 6 of the second access control environment.
  • customer B has a file FB3 which stores an access right B4 to an access control terminal 6 of an access control environment which customer B administers.
  • the digital twin 33 is also configured to store configuration data 331 of the IoT device 1.
  • the configuration data 331 includes a communication relay address 3310, which is a communication address of the mobile communication device 2 associated with the IoT device 1, memory configuration characteristics 3311, a firmware indicator 3312, registration data 3313, log data 3314, and an operating system version 3315.
  • the memory configuration characteristics 3311 relate to the characteristics of the memory 12 of the IoT device 1, in particular to a number of memory partitions of the memory 12 and their properties as described herein.
  • the firmware indicator 3312 relates to a current firmware associated with the digital twin 33, and comprises one or more of: a digital summary of the firmware, a digital digest, a firmware version indicator, or a firmware version time-stamp.
  • the digital twin 33 stores the current firmware, for example in a compiled form.
  • the firmware installed on the IoT device 1 may be out of date with respect to the current firmware as indicated by the firmware indicator 3312, such that an update of the firmware on the IoT device 1 is to take place.
  • the registration data 3313 includes an address of the remote computer system 3.
  • the log data 3314 relates to logged events associated with the digital twin 33.
  • the log data 3314 is updated according to log files received from the IoT device 1.
  • the operating system version 3315 relates to a version of the operating system of the IoT device 1.
  • the operating system comprises additional functionality, for example functionality specific to the customers A, B or to the IoT device 1, beyond what the firmware 132 already provides.
  • the configuration data 331 further includes, in an embodiment, one or more cryptographic keys used for encrypting data transmitted to the IoT device 1 and/or for decrypting data received from the IoT device 1. Further, additional cryptographic keys stored in the memory 31 of the remote computer system 3 may also be used for encrypting and/or decrypting data transmitted to and/or received from the IoT device 1, respectively.
  • the cryptographic keys stored as part of the configuration data 331 include a public key of the IoT device 1, which public key is received from the IoT device 1 as part of a registration message, for example.
  • the cryptographic keys stored in the memory 31 of the remote computer system 3 include, for example, a private key of the remote computer system 3.
  • the memory 31 is further configured to store an IoT device identifier 34, which is associated with the digital twin 33.
  • the IoT device identifier 34 can also be stored as part of the digital twin 33.
  • the IoT device identifier 34 includes, for example, a serial number or MAC address of the IoT device 1.
  • Figure 4 shows a block diagram of an update data package 7.
  • the update data package 7 is generated by the remote computer system 3 as described in more detail below with reference to Figure 8.
  • the update data package 7 comprises a plurality of update package parts 71, 72, 73, 74, 75.
  • a first set of update package parts 71, 72, 73 comprises access rights 13, in particular the access rights A1, A2, A3, B4. More specifically, a first update package part 71 includes access rights A1, A2, a second update package part 72 includes access right A3, and a third update package part 73 includes access right B4.
  • Update package parts 74, 75 include a memory configuration characteristic 741 and a firmware 751, respectively.
  • Each update package part 71 , 72, 73, 74, 75 further includes metadata 710, 720, 730,
  • the metadata 710, 720, 730, 740, 750 comprises, for example, a digital digest (e.g., a hash), a summary, a version number, a change date, a nonce, and/or a random number.
  • Figure 5 shows a block diagram of the mobile communication device 2 having stored in the memory 22 the update package 7.
  • the mobile communication device 2, after having received the update package 7 from the remote server computer 3, stores the update package 7 in the memory 12 for updating the IoT device 1, as described in more detail with reference to Figure 8.
  • Figure 6 shows a block diagram of the IoT device 1 having stored in the memory 12 the access rights A1, A2, A3, B4 as received from the mobile communication device 2 as part of the update data package 7.
  • the access rights A1, A2, A3, B4 are stored in a plurality of files FA1, FA2, FB1.
  • the memory 12 has a memory configuration characteristic 131 and has stored thereon firmware 132.
  • the processor 10 of the IoT device 1 is configured such that it generates and/or identifies metadata of various items stored in the memory 12, in particular of the files FA1, FA2, FB1 storing the access rights.
  • the metadata of each file FA1, FA2, FB1 relates to the contents of, or identifies, the respective file FA1, FA2, FB1 and comprises, for example, a digital digest (e.g., a hash), a summary, a version number, a change date, a nonce, and/or a random number.
  • the metadata is, for example, generated using the files FA1, FA2, FB1 and/or the access rights A1, A2, A3, B4. Alternatively, the metadata is retrieved from the memory 12.
  • the metadata of each file FA1, FA2, FB1 is stored, for example, as part of each file (e.g. in a header part of the file) or separately from each file FA1, FA2, FB1 (for example as part of a directory structure of the memory 12).
  • the memory configuration characteristic 131 relates to: a number of partitions of the memory 131, a size of one or more of the memory partitions, a data format of one or more of the memory partitions, read and/or write permissions for one or more of the memory partitions, and/or a type of data to be stored in one or more of the memory partitions. More details relating to memory partitions of the memory 131 are described below with reference to Figure 7.
  • the firmware 132 relates to the software running on the IoT device 1, in particular the software executed by the processor 10, such that the IoT device 1 performs the steps and/or functions of the IoT device 1 as described herein.
  • the firmware 132 in particular controls the short-range communication circuit 11 for exchanging data, for example with the mobile communication device 2 and/or with the access control terminal 6.
  • the processor 10 is configured to generate, or retrieve from the memory 12, metadata related to the firmware 132.
  • the metadata comprises one or more of: a digital summary of the firmware 132, a digital digest, a firmware version indicator, or a firmware version time-stamp.
  • the processor 10 is configured such that the firmware 132 is updatable.
  • the memory 12 of the IoT device 1 further includes, in an embodiment, one or more cryptographic keys used for decrypting data received from the remote computer system 3 and/or for encrypting data transmitted to the remote computer system 3.
  • the cryptographic keys include a public key of the remote computer system 3, which public key is received from the remote computer system 3 as a response to a registration message, for example.
  • the cryptographic keys stored in the memory 12 of the IoT device 1 include, for example, a private key of the IoT device 1.
  • Figure 7 shows a block diagram of the IoT device 1 with the memory 12 partitioned into a plurality of memory partitions 120, 121, 122.
  • the memory partitions 120, 121, 122 include a firmware partition 120 configured to store the firmware.
  • the access rights partition 121 is configured to store the access rights A1, A2, A3, B4.
  • the encrypted payload partition 122 is configured to store a particular type of access rights comprising a third party authentication key, for which access authorization is performed in the access control terminal 6 using the third party authentication key, as is described below in more detail with reference to Figure 10.
  • Each memory partition 120, 121, 122 has a header, which stores, for example, a partition size, memory tables, one or more encryption types, and/or encryption Initialization Vectors. Additionally, one or more of the aforementioned may be stored for each data file individually, e.g. a particular data file comprises a header indicating an encryption type, a size of the data file, etc.
  • the partition size of the memory partitions 120, 121, 122 is reconfigurable. Specifically, upon reception of the memory configuration characteristic 741 which forms, in an embodiment, part of the update data package 7, the processor 10 of the IoT device 1 is configured to reconfigure the memory 12 according to the memory configuration characteristic 741. The memory 12 is reconfigured, for example, by increasing or decreasing the size of one or more memory partitions 120, 121, 122.
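A worked model of the partition table of Figure 7 and of applying a memory configuration characteristic 741 to it. This is an added example, not code from the patent or from Legic: the total memory size, the used-byte counts, the encryption label, and the `{"size": ..., "wipe": ...}` shape of the characteristic are all assumptions made here. The point it adds is that every check (sizes fit the memory, no partition silently shrinks below the data it holds) runs before any partition is touched, so a rejected characteristic leaves memory 12 exactly as it was, and that a wiped partition gets a fresh initialization vector in its header.

```python
from __future__ import annotations

import os
from dataclasses import dataclass, field

MEMORY_SIZE = 128 * 1024  # constructed: total capacity of memory 12 in bytes


@dataclass
class Partition:
    """One memory partition with the header fields the description lists:
    partition size, an encryption type and an encryption initialization vector."""
    name: str
    size: int
    used: int = 0                      # bytes occupied by stored data files
    encryption: str = "AES-128-CBC"    # constructed label, not from the patent
    iv: bytes = field(default_factory=lambda: os.urandom(16))


def initial_partitions() -> dict[str, Partition]:
    """Constructed starting layout: firmware partition 120, access rights
    partition 121, encrypted payload partition 122 (Figure 7)."""
    return {
        "120": Partition("firmware", 64 * 1024, used=48 * 1024),
        "121": Partition("access_rights", 32 * 1024, used=6 * 1024),
        "122": Partition("encrypted_payload", 16 * 1024, used=2 * 1024),
    }


def reconfigure(partitions: dict[str, Partition],
                characteristic: dict[str, dict]) -> dict[str, Partition]:
    """Apply a memory configuration characteristic 741 (assumed shape:
    partition number -> {"size": bytes, "wipe": bool}) and return the new table.

    All checks run first, so a rejected characteristic changes nothing:
    the characteristic must name exactly the existing partitions, the sizes
    must fit the memory, and a partition may only shrink below its used bytes
    when the characteristic explicitly asks for it to be wiped."""
    if set(characteristic) != set(partitions):
        raise ValueError("characteristic must name exactly the existing partitions")
    if sum(c["size"] for c in characteristic.values()) > MEMORY_SIZE:
        raise ValueError("requested partition sizes exceed memory 12")
    for num, c in characteristic.items():
        if c["size"] < partitions[num].used and not c.get("wipe", False):
            raise ValueError(
                f"partition {num} would lose data: {partitions[num].used} bytes in use")

    new_table = {}
    for num, c in characteristic.items():
        old = partitions[num]
        if c.get("wipe", False):
            # Wiping reformats the partition: contents are discarded and the
            # header receives a fresh IV, so nothing of the old layout carries over.
            new_table[num] = Partition(old.name, c["size"], used=0,
                                       encryption=old.encryption)
        else:
            # Plain resize: data and header keep their IV; only the size changes.
            new_table[num] = Partition(old.name, c["size"], used=old.used,
                                       encryption=old.encryption, iv=old.iv)
    return new_table
```

`reconfigure` never mutates its input; the caller swaps in the returned table only once it is complete, which is the behaviour a device needs if power is lost midway through an update.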
  • access rights for the loT device 1 are defined.
  • the access rights are defined in the remote computer system 3 based on data received from the customer back-end system 4.
  • the customer back-end system is operated by a particular customer, e.g. the customer A or the customer B.
  • the access rights are configured such that, when they are downloaded to the loT device 1 , they authorize the loT device 1 (in an example, specifically the person carrying the loT device 1) to access an access control environment.
  • the customers A, B define the access rights using, for example, customer client computers 5A, 5B as described above with reference to Figure 1.
  • the customer back-end system 4 is co-located with the remote computer system 3.
  • the remote computer system 3 can receive an identifier of the loT device 1 from the customer back-end system 4, or transmit to the customer back-end system 4 a list of loT devices 1 associated with the particular customer A, B, receiving thereafter from the customer back-end system a selected loT device 1.
  • the remote computer system 3 updates the digital twin 33 with the newly defined access rights.
  • any changes to the access rights already stored as part of the digital twin 33, including additions, deletions, and/or modifications, are implemented.
  • the remote computer system 3 stores the newly updated access rights as part of the digital twin 33.
  • the digital twin 33 at this particular time-point, has a current set of access rights.
  • the loT device 1 at this particular time-point, has an out-of-date set of access rights which are to be updated through the following steps.
  • the update data package 7 comprises a plurality of update package parts 71 , 72, 73, 74, 75 as described above with reference to Figure 4. At least some of the update package parts 71 , 72, 73 include access rights A1 , A2, A3, B4. The remaining update package parts 74, 75, may relate to, for example, a memory configuration characteristic 741 and/or a firmware 751.
  • the access rights included in the update package parts 71 , 72, 73 are, in an embodiment, a complete set of the current access rights as stored in the digital twin 33. In other words, all the access rights of the digital twin 33 are included in the update data package 7.
  • the update data package 7 is further generated, by the remote computer system 3, to include a firmware update package part 75.
  • the processor 30 of the remote computer system 3 generates the update data package 7 to include a current firmware 751 , as defined by the firmware indicator 3312.
  • the update data package 7 is further generated, by the remote computer system 3, to include a memory update package part 75, according to the memory configuration characteristic 3311.
  • the update data package 7 does not contain any update package parts relating to access rights, in particular, it only contains the firmware update package part 75.
  • the current firmware 751 can be considered, from the perspective of the loT device 1 , to be ‘new’ firmware 751 .
  • the update data package 7 is generated by the remote computer system 3 to include update metadata 710, 720, 730, 740, 750 relating to the contents of the update data package 7, in particular the update package parts 71 , 72, 73, 74, 75, respectively.
  • the update data package 7 and/or the update package parts 71 , 72, 73, 74, 75 are digitally signed, by the remote computer system 3, using one or more cryptographic keys, e.g., including one or more keys belonging to one or more public/private key-pairs.
  • a digital signature of the update data package 7 and/or its contents, including the update package parts 71 , 72, 73, 74, 75 are included in the update data package 7.
  • a digital signature of a particular update data package part 71 , 72, 73, 74, 75 is included in the particular update metadata 710. 720, 730, 740, 750, respectively.
  • the cryptographic keys used include, for example, a private key of the remote computer system 3 and/or a public key of the loT device 1 stored in the remote computer system 3.
  • the update data package 7 and/or the update package parts 71 , 72, 73, 74, 75 are encrypted, by the remote computer system 3, using one or more cryptographic keys.
  • step S14 the update data package 7 is transmitted, by the remote computer system 3, via the communication network 8, to the mobile communication device 2.
  • the mobile communication device 2 receives the update data package 7 from the remote computer system 3 via the communication network 8.
  • the update data package 7 is received while the mobile communication device 2 is connected to the communication network 8. It is not necessary that the mobile communication device 2 is simultaneously connected to the loT device 1.
  • the mobile communication device 2 stores the received update data package 7 in the memory 22. Thereby, the mobile communication device 2 buffers the update data package 7 received from the remote computer system 3.
  • a step S16 the mobile communication device 2 forwards update metadata 710, 720, 730, 740, 750 to the loT device 1 using short range communication.
  • the electronic communication circuit 21 of the mobile communication device 2 transmits the update metadata 710, 720, 730, 740, 750 to the loT device 1 , where it is received by the electronic communication circuit 11 in a step S17.
  • the loT device 1 identifies which update package parts 71 , 72, 73, 74, 75 of the update data package 7 are required.
  • the processor 10 of the loT device 1 compares the received update metadata with the contents of the memory 12 to identify whether the update data package 7 includes any updates to the access rights, to the memory configuration, and/or to the firmware.
  • the processor 10 retrieves, from memory 12, metadata relating to the contents of the memory 12. For example, the processor 10 retrieves metadata of each file FA1 , FA2, FB1 containing access rights A1 , A2, A3, B4. The retrieved metadata is then compared, by the processor 10, with the received update metadata 710, 720, 730, 740, 750. Additionally or alternatively, the processor 10 generates metadata of contents of the memory 12 and compares the generated metadata with the received update metadata 710, 720, 730, 740, 750.
  • the comparison(s) performed by the processor 10 include, for example, comparing version numbers, digital digests, summaries, release dates, time-stamps, identifiers, etc.
  • the loT device 1 is further configured to verify a digital signature of the update package 7 and/or one or more update package parts 71 , 72, 73, 74, 75, as included in the received update metadata 710, 720, 730, 740, 750. Additionally, the loT device 1 is further configured to verify that the loT device 1 is the intended recipient of the update data package 7. For example, the digital signature is verified using one or more cryptographic keys.
  • the cryptographic keys used include, for example, a public key of the remote computer system 3 and/or a private key of the loT device 1 stored in the memory 12.
  • the loT device 1 is further configured to perform an integrity check on contents of the memory 12.
  • the integrity check includes, for example, identifying missing, incomplete, and/or corrupted parts of the memory 12 and associating these with the update package parts 71 , 72, 73, 74, 75 using the received update metadata.
  • the loT device 1 is configured to identify required update package parts 71 , 72, 73, 74, 75 using the results of the integrity check. For example, update package parts 71 , 72, 73, 74, 75 are identified as required if they correspond to missing, incomplete, and/or corrupted parts of the memory 12.
  • the processor 10 then generates a request message including an indication of one or more required update package parts 71, 72, 73, 74, 75.
  • the request message includes update metadata 710, 720, 730, 740, 750 relating to update package parts 71, 72, 73, 74, 75 which have been modified and therefore are required to be updated.
  • the IoT device 1 transmits the request message to the mobile communication device 2 using short range communication.
  • the mobile communication device 2 receives the request message.
  • the mobile communication device 2 transmits one or more required update package parts 71, 72, 73, 74, 75 to the IoT device 1.
  • the IoT device 1 receives the required update package parts 71, 72, 73, 74, 75 from the mobile communication device 2.
  • the update package 7 contains, in an embodiment, a complete set of access rights A1, A2, A3, B4 for the IoT device 1, not all of which have been updated since a last update. Therefore, typically only a subset of the update package parts 71, 72, 73, 74, 75 will be transmitted by the mobile communication device 2 to the IoT device 1.
  • the IoT device 1 is configured to decrypt one or more of the required update package parts 71, 72, 73, 74, 75 using a cryptographic key stored in the memory 12.
  • the cryptographic key used is, for example, a public key of the remote computer system 3 or a private key of the IoT device 1 stored in the memory 12.
  • the IoT device 1 is updated efficiently, as only those update package parts 71, 72, 73, 74, 75 required by the IoT device 1 are transmitted from the mobile communication device 2 to the IoT device 1. This is more efficient because the short range communication between the IoT device 1 and the mobile communication device 2 typically has a lower bandwidth than the data communication between the mobile communication device 2 and the remote computer system 3.
  • the IoT device 1 is able to, in an embodiment, restore missing, incomplete and/or corrupted parts of the memory 12.
  • the IoT device 1, in particular the processor 10, then implements the received update package parts 71, 72, 73, 74, 75.
  • Implementing the received update package parts 71, 72, 73, 74, 75 includes, for example, updating the access rights A1, A2, A3, B4 stored in the memory 12, reconfiguring the memory 12 according to the memory configuration characteristic 131, and/or updating the firmware 132.
  • access rights A1, A2, A3, B4, which are referred to in some places in the present disclosure as 'current' access rights A1, A2, A3, B4, may be 'new' access rights A1, A2, A3, B4 for the IoT device 1, i.e. they have not previously been stored in the IoT device 1.
  • the memory 12 is reconfigured by the processor 10; this includes, for example, the processor 10 resizing memory partitions 120, 121, 122, reallocating memory 12 from a particular memory partition 120, 121, 122 to another memory partition 120, 121, 122, reformatting one or more of the memory partitions 120, 121, 122, wiping (e.g. securely erasing) one or more of the memory partitions 120, 121, 122, and/or updating encryption keys for the one or more memory partitions 120, 121, 122.
  • the firmware 132 is updated by the processor 10; this includes, for example, writing, deleting, and/or overwriting one or more components of the firmware 132 using the firmware 751 included in the received update data package 7.
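The delta-update exchange described in the preceding steps, as an added example written for this page in Python; it is not code from the patent or from LEGIC. It models the update package 7 as parts 71 to 75 with per-part update metadata (a version number and a content digest), lets the IoT device request only the parts that are missing, outdated or corrupted in memory 12, and has the device authenticate every relayed part before applying it, so a part altered by the relay is dropped and the previous content stays in place. An HMAC tag under a constructed shared key stands in for the asymmetric signature and key material the patent describes; all part contents, versions and the corruption scenario are constructed.

```python
"""Delta update of IoT device 1 over a bandwidth-limited short range link.

Added example; not code from the patent or from LEGIC. An HMAC tag over
each part stands in for the asymmetric signature the patent describes; the
key and all sample contents are constructed for this example.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

PACKAGE_KEY = b"example-package-key-not-for-production"  # constructed


@dataclass(frozen=True)
class PartMeta:
    part_id: int   # 71..75 in the patent's numbering
    version: int
    digest: str    # SHA-256 of the part's content


@dataclass(frozen=True)
class UpdatePart:
    meta: PartMeta
    content: bytes
    tag: str       # HMAC over part_id | version | content


def _tag(part_id: int, version: int, content: bytes) -> str:
    msg = f"{part_id}|{version}|".encode() + content
    return hmac.new(PACKAGE_KEY, msg, hashlib.sha256).hexdigest()


def build_package(parts: dict[int, tuple[int, bytes]]) -> dict[int, UpdatePart]:
    """Remote computer system 3: split the package into authenticated parts."""
    pkg = {}
    for pid, (version, content) in parts.items():
        meta = PartMeta(pid, version, hashlib.sha256(content).hexdigest())
        pkg[pid] = UpdatePart(meta, content, _tag(pid, version, content))
    return pkg


def required_parts(storage: dict[int, bytes], versions: dict[int, int],
                   manifest: dict[int, PartMeta]) -> list[int]:
    """IoT device 1: decide which parts to request.

    A part is required when it is absent, when the manifest announces a newer
    version, or when the digest of the bytes actually held in memory no longer
    matches (this covers missing, incomplete or corrupted parts).
    """
    need = []
    for pid, meta in manifest.items():
        content = storage.get(pid)
        if (content is None or versions.get(pid, -1) < meta.version
                or hashlib.sha256(content).hexdigest() != meta.digest):
            need.append(pid)
    return sorted(need)


def verify_part(part: UpdatePart) -> bool:
    """Check the authentication tag and the metadata digest before use."""
    m = part.meta
    return (hmac.compare_digest(_tag(m.part_id, m.version, part.content), part.tag)
            and hashlib.sha256(part.content).hexdigest() == m.digest)


def apply_parts(storage: dict[int, bytes], versions: dict[int, int],
                received: list[UpdatePart]) -> tuple[list[int], list[int]]:
    """Write only authenticated parts; returns (applied ids, rejected ids)."""
    applied, rejected = [], []
    for part in received:
        if not verify_part(part):
            rejected.append(part.meta.part_id)   # old content stays untouched
            continue
        storage[part.meta.part_id] = part.content
        versions[part.meta.part_id] = part.meta.version
        applied.append(part.meta.part_id)
    return applied, rejected


def run_delta_update() -> dict[str, list[int]]:
    """Constructed scenario: parts 73 and 75 changed at the remote system,
    part 74 is corrupted in device memory, and the relay tampers with 75."""
    remote_pkg = build_package({
        71: (1, b"access right A1"), 72: (1, b"access right A2"),
        73: (2, b"access right A3 v2"), 74: (1, b"access right B4"),
        75: (2, b"firmware 751 v2")})
    manifest = {pid: p.meta for pid, p in remote_pkg.items()}

    previous = build_package({
        71: (1, b"access right A1"), 72: (1, b"access right A2"),
        73: (1, b"access right A3"), 74: (1, b"access right B4"),
        75: (1, b"firmware 751 v1")})
    storage = {pid: p.content for pid, p in previous.items()}
    versions = {pid: p.meta.version for pid, p in previous.items()}
    storage[74] = b"access right B"          # simulated memory corruption

    requested = required_parts(storage, versions, manifest)
    relayed = [remote_pkg[pid] for pid in requested]   # mobile device 2 sends only these
    bad = relayed[-1]
    relayed[-1] = UpdatePart(bad.meta, b"firmware 751 evil", bad.tag)  # altered in transit

    applied, rejected = apply_parts(storage, versions, relayed)
    return {"requested": requested, "applied": applied, "rejected": rejected}
```

`run_delta_update()` returns which parts the device requested (73 for its version, 74 for its digest mismatch, 75 for its version), which it applied, and which it rejected; the digest comparison against the bytes actually in memory is what makes the "restore corrupted parts" case work without any extra signalling.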
  • Figure 9 relates to a number of steps for performing access authorization using the IoT device 1.
  • access authorization is performed in the IoT device 1 on the basis of the access rights stored in the IoT device 1 and an identifier of the access control terminal 6.
  • the IoT device 1 is brought into close communicative range with the access control terminal 6.
  • the access control terminal 6 transmits an access control terminal identifier to the IoT device 1.
  • the electronic circuit 60 of the access control terminal 6 is configured to transmit, using the electronic communication circuit 61, the access control terminal identifier to the IoT device 1 which is in close proximity. Close proximity is defined as being, for example, within 10 meters, within 5 meters, within one meter, within 20 centimeters, or within 2 centimeters.
  • the IoT device 1 receives the access control terminal identifier.
  • the processor 10 receives the access control terminal identifier using the electronic communication circuit 11.
  • the IoT device 1 selects an access right from the memory 12 corresponding to the access control terminal identifier.
  • the selection is performed, for example, by the processor 10 identifying an access right comprising an access control terminal identifier matching the received access control terminal identifier. If the processor 10 cannot select a corresponding access right, then access authorization is aborted and the access control terminal 6 does not provide access.
  • the access control terminal 6 transmits, in addition to or instead of the access control terminal identifier, a digitally signed message, for example signed using a cryptographic key stored in the IoT device 1, such that the IoT device 1 is able to confirm that the access control terminal 6 is legitimate.
  • the digitally signed message comprises the access control terminal identifier or otherwise identifies the access control terminal 6.
  • the IoT device 1, in particular the processor 10, verifies access authorization using the received access control terminal identifier.
  • access authorization is verified upon positive selection of an access right corresponding to the access control terminal identifier.
  • the processor 10 checks, using a time-scheme of the access right and an internal clock of the IoT device 1, whether the IoT device 1 has access authorization at the particular current time.
  • the IoT device 1, in particular the processor 10, generates an access authorization message.
  • the access authorization message is configured such that the access control terminal 6 grants access upon reception.
  • the access authorization message is digitally signed using a cryptographic key stored in the IoT device 1.
  • the IoT device 1, in particular the processor 10 using the electronic communication circuit 11, transmits the access authorization message to the access control terminal 6.
  • the access control terminal 6 receives the access authorization message.
  • the access control terminal 6, in an embodiment, validates the digitally signed access authorization message.
  • the access control terminal 6 provides access authorization to the access control environment.
  • Providing access authorization comprises, depending on the embodiment and the type of access control environment, transmitting a control signal to an actuator of a lock, doorway, or other entryway.
  • providing access authorization comprises allowing access to a cyber-environment.
  • Figure 10 illustrates a number of steps for performing access authorization using the IoT device 1.
  • access authorization is performed in the access control terminal 6 using the access rights, in particular comprising an encrypted access payload, transmitted from the IoT device 1 to the access control terminal 6.
  • the IoT device 1 is brought into close proximity with the access control terminal 6. Close proximity is defined as being, for example, within 10 meters, within 5 meters, within one meter, within 20 centimeters, or within 2 centimeters.
  • in a step S30, which is analogous to step S20 described above, the access control terminal 6 transmits the access control terminal identifier to the IoT device 1, which receives the access control terminal identifier in a step S31.
  • the IoT device 1 selects an access right corresponding to the access control terminal identifier.
  • the access right comprises an encrypted access payload.
  • the encrypted access payload comprises a third party authentication key configured by the manufacturer or operator of the access control terminal 6.
  • the encrypted access payload is, for example, initially provided to the remote computer system 3 via the customer back-end system 4. If no corresponding access right is selected, access control is terminated.
  • the access right is selected by, for example, matching an access control terminal identifier included in the access right with the received access control terminal identifier.
  • the IoT device 1 transmits the encrypted access payload using short range communication to the access control terminal 6.
  • the access control terminal 6, in particular the electronic circuit 60 using the electronic communication circuit 61, receives the encrypted access payload.
  • the access control terminal 6 verifies the encrypted access payload. Verifying the encrypted access payload includes, for example, decrypting, in the electronic circuit 60, the encrypted access payload and validating the third party authentication key.
  • in a step S36, which is analogous to step S27 described above, the access control terminal 6 provides access authorization.
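Both access authorization variants, the Figure 9 flow (decision in the IoT device) and the Figure 10 flow (decision in the access control terminal), as one added Python example written for this page; it is not code from the patent or from LEGIC. In the Figure 9 part the IoT device selects the access right for the received access control terminal identifier, checks the right's time-scheme against its internal clock and returns a signed access authorization message that the terminal validates. In the Figure 10 part the device only hands over the access right's encrypted access payload and the terminal decrypts it and validates the third party authentication key inside. HMAC tags stand in for the digital signatures, a SHA-256 keystream stands in for the payload cipher, and the keys, terminal identifier, time-scheme and sample times are constructed.

```python
"""Access authorization: in the IoT device (Figure 9) or in the terminal (Figure 10).

Added example, not code from the patent or from LEGIC. HMAC tags stand in for
the digital signatures and a SHA-256 keystream stands in for the payload
cipher; keys, identifiers and time-schemes are constructed for this example.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime

DEVICE_SIGN_KEY = b"iot-device-1-signing-key"      # constructed; the terminal holds the verifying key
TERMINAL_PAYLOAD_KEY = b"terminal-6-payload-key"   # constructed; never stored on the IoT device
THIRD_PARTY_AUTH_KEY = b"operator-auth-key-0001"   # constructed; set by the terminal's operator


@dataclass(frozen=True)
class TimeScheme:
    weekdays: frozenset[int]   # 0 = Monday ... 6 = Sunday
    start_hour: int
    end_hour: int              # exclusive

    def allows(self, t: datetime) -> bool:
        return t.weekday() in self.weekdays and self.start_hour <= t.hour < self.end_hour


@dataclass(frozen=True)
class AccessRight:
    terminal_id: str           # access control terminal identifier
    scheme: TimeScheme
    encrypted_payload: bytes   # opaque to the IoT device; used in the Figure 10 variant


def select_access_right(rights: list[AccessRight], terminal_id: str) -> AccessRight | None:
    """Match the received terminal identifier against the stored access rights."""
    return next((r for r in rights if r.terminal_id == terminal_id), None)


# Figure 9: the IoT device decides and returns a signed authorization message.
def authorize_in_device(rights: list[AccessRight], terminal_id: str, now: datetime) -> bytes | None:
    right = select_access_right(rights, terminal_id)
    if right is None or not right.scheme.allows(now):
        return None                      # no right, or outside its time-scheme: abort
    body = f"AUTH|{terminal_id}|{now.isoformat()}".encode()
    tag = hmac.new(DEVICE_SIGN_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def terminal_validates(message: bytes, terminal_id: str) -> bool:
    """Terminal 6 checks the signature and that the message names this terminal."""
    body, _, tag = message.rpartition(b"|")
    expected = hmac.new(DEVICE_SIGN_KEY, body, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(expected, tag) and body.split(b"|")[1] == terminal_id.encode()


# Figure 10: the IoT device only hands over the encrypted payload; the terminal decides.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_payload(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt_payload(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext = blob[:8], blob[8:]
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def payload_for_terminal(rights: list[AccessRight], terminal_id: str) -> bytes | None:
    right = select_access_right(rights, terminal_id)
    return None if right is None else right.encrypted_payload


def terminal_verifies_payload(blob: bytes) -> bool:
    """Decrypt and compare the third party authentication key in constant time."""
    return hmac.compare_digest(decrypt_payload(TERMINAL_PAYLOAD_KEY, blob), THIRD_PARTY_AUTH_KEY)


# Constructed sample: one access right for terminal T6, Monday to Friday 08:00-18:00.
SAMPLE_RIGHTS = [AccessRight("T6", TimeScheme(frozenset(range(5)), 8, 18),
                             encrypt_payload(TERMINAL_PAYLOAD_KEY, b"nonce-01", THIRD_PARTY_AUTH_KEY))]


def run_scenarios() -> dict[str, bool]:
    tuesday_10 = datetime(2024, 6, 4, 10, 0)   # constructed: inside the time-scheme
    saturday_10 = datetime(2024, 6, 8, 10, 0)  # constructed: weekend, outside it
    msg = authorize_in_device(SAMPLE_RIGHTS, "T6", tuesday_10)
    forged = b"AUTH|T6|" + tuesday_10.isoformat().encode() + b"|" + b"0" * 64
    blob = payload_for_terminal(SAMPLE_RIGHTS, "T6")
    tampered = blob[:-1] + bytes([blob[-1] ^ 0xFF])
    return {
        "fig9_granted": msg is not None and terminal_validates(msg, "T6"),
        "fig9_outside_schedule": authorize_in_device(SAMPLE_RIGHTS, "T6", saturday_10) is None,
        "fig9_unknown_terminal": authorize_in_device(SAMPLE_RIGHTS, "T9", tuesday_10) is None,
        "fig9_forged_rejected": not terminal_validates(forged, "T6"),
        "fig10_granted": terminal_verifies_payload(blob),
        "fig10_tampered_rejected": not terminal_verifies_payload(tampered),
    }
```

`run_scenarios()` exercises the abort paths the text names (unknown terminal, outside the time-scheme, forged message, tampered payload) alongside the two granted cases. Note the separation of keys: the Figure 10 payload key never reaches the IoT device, which is the property that lets the terminal's operator control that decision.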
  • Figure 11 illustrates a number of steps for transmitting a status message, by the IoT device 1, to the remote computer system 3.
  • the IoT device 1, in particular the processor 10, generates a status message.
  • the status message includes the IoT device identifier 34 and further comprises, for example, status changes in the IoT device 1, for example indicating that the access rights were updated, that the memory configuration 131 of the memory 12 was updated, and/or that the firmware 132 was updated.
  • the status message also comprises, for example, exceptions (e.g. errors that occur in the processor 10 and/or the memory 12), and/or access control events.
  • the status message indicates the access control terminal 6 at which access control was performed (i.e. it includes an access control terminal identifier and optionally one or more times at which access control was performed at a particular access control terminal 6).
  • the status message is transmitted by the IoT device 1 during commissioning of the IoT device 1.
  • the status message comprises an address of the remote computer system 3, such that the mobile communication device 2 is enabled to forward the status message to the remote computer system 3 using the address indicated in the status message, without having to have previously stored, or otherwise received or retrieved, the address of the remote computer system 3.
  • the IoT device 1, in particular the processor 10, transmits the status message to the mobile communication device 2 via short range communication.
  • the mobile communication device 2 receives the status message. For this to occur, the mobile communication device 2 must be brought into communication range with the IoT device 1.
  • the status message is stored in the memory 22 of the mobile communication device 2 until the mobile communication device 2 is connected, via the communication network 8, with the remote computer system 3.
  • the mobile communication device 2 forwards the status message, via the communication network 8, to the remote computer system 3.
  • the remote computer system 3 receives the status message via the communication network 8.
  • the remote computer system 3 identifies the communication address of the mobile communication device 2.
  • in a step S45, the IoT device identifier 34 is extracted, by the processor 30 of the remote computer system 3, from the status message.
  • the processor 30 is configured to check whether an IoT device identifier 34 corresponding to the extracted IoT device identifier 34 is stored in the memory 31 of the remote computer system 3. If not, this indicates that the IoT device 1 was not previously registered in the remote computer system 3.
  • the remote computer system 3 is configured to generate, for the IoT device 1, a digital twin 33, and to store the digital twin 33 in the memory 31.
  • if the extracted IoT device identifier 34 matches a stored IoT device identifier 34, the remote computer system 3 proceeds.
  • the remote computer system 3 is configured to update the digital twin 33 using the status message.
  • the log events are stored as part of the digital twin 33.
  • the communication relay address 3310 is updated or stored, respectively, as the communication address of the mobile communication device 2. In such a manner, only one single mobile communication device 2 is designated as a relay device for the IoT device 1 at any particular point in time.
  • in a step S47, the updated digital twin 33 is stored, by the processor 30, in the memory 31 of the remote computer system 3.
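The status message relay and digital twin update of Figure 11, as an added Python example written for this page; it is not code from the patent or from LEGIC. The IoT device embeds the remote computer system's address in its status message so that a mobile device which has never been configured for that system can still forward it; the mobile device queues the message until the address is reachable; and the remote system registers a digital twin for an unknown device identifier, appends the reported events to the twin's log and records the forwarding mobile device as the single designated relay address. The message layout, device and terminal identifiers, addresses and events are constructed.

```python
"""Status message relay and digital twin update (Figure 11).

Added example, not code from the patent or from LEGIC. Message layout,
identifiers, addresses and events are constructed for this example.
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field


@dataclass
class DigitalTwin:
    device_id: str
    relay_address: str | None = None     # communication relay address 3310
    firmware: str | None = None
    access_rights_updated: bool = False
    log: list[dict] = field(default_factory=list)


def build_status_message(device_id: str, remote_address: str, events: list[dict],
                         firmware: str | None = None, rights_updated: bool = False) -> bytes:
    """IoT device 1: a status message carrying its own identifier and the
    address of the remote system to which the relay must forward it."""
    return json.dumps({"device_id": device_id, "remote_address": remote_address,
                       "firmware": firmware, "access_rights_updated": rights_updated,
                       "events": events}).encode()


class RemoteComputerSystem:
    def __init__(self) -> None:
        self.twins: dict[str, DigitalTwin] = {}

    def receive_status(self, raw: bytes, relay_address: str) -> DigitalTwin:
        msg = json.loads(raw)
        twin = self.twins.get(msg["device_id"])
        if twin is None:                      # not yet registered: create the twin
            twin = DigitalTwin(msg["device_id"])
            self.twins[twin.device_id] = twin
        twin.relay_address = relay_address    # only the latest relay is designated
        if msg.get("firmware"):
            twin.firmware = msg["firmware"]
        twin.access_rights_updated = twin.access_rights_updated or msg["access_rights_updated"]
        twin.log.extend(msg["events"])        # access control events, exceptions
        return twin


class MobileDevice:
    """Keeps status messages in memory 22 until a network connection exists."""

    def __init__(self, address: str) -> None:
        self.address = address
        self.outbox: list[bytes] = []

    def receive_short_range(self, raw: bytes) -> None:
        self.outbox.append(raw)

    def flush(self, network: dict[str, RemoteComputerSystem]) -> int:
        """Forward queued messages to the address each message names; returns the count sent."""
        sent = 0
        while self.outbox:
            raw = self.outbox.pop(0)
            target = json.loads(raw)["remote_address"]
            if target not in network:          # unreachable: keep it for a later attempt
                self.outbox.insert(0, raw)
                break
            network[target].receive_status(raw, self.address)
            sent += 1
        return sent


def run_relay_scenario() -> DigitalTwin:
    """Constructed scenario: device iot-1 reports via phone A, later via phone B."""
    remote = RemoteComputerSystem()
    network = {"https://remote.example/status": remote}   # constructed address
    phone_a, phone_b = MobileDevice("+41-phone-A"), MobileDevice("+41-phone-B")
    phone_a.receive_short_range(build_status_message(
        "iot-1", "https://remote.example/status",
        [{"event": "access", "terminal": "T6", "time": "2024-06-04T10:00:00"}],
        firmware="1.0.0", rights_updated=True))
    phone_a.flush(network)
    phone_b.receive_short_range(build_status_message(
        "iot-1", "https://remote.example/status",
        [{"event": "exception", "detail": "memory partition 121 read error"}]))
    phone_b.flush(network)
    return remote.twins["iot-1"]
```

After `run_relay_scenario()` the twin's relay address is phone B, not phone A, reflecting the rule that exactly one mobile device is the designated relay at any time, while the log retains the events reported through both.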
  • Figure 12 illustrates a number of steps performed for updating an internal clock of the IoT device 1.
  • the internal clock of the IoT device 1 is used, by the processor 10 of the IoT device 1, for verifying access control, in particular for checking whether a current time at which access control is being performed corresponds to a time, as indicated by the time-scheme of the particular access right, during which access control is authorized. Due to clock drift over time, it is necessary to periodically reconfigure the clock as detailed below.
  • the IoT device 1, in particular the processor 10, generates a clock update message.
  • the clock update message can also form, for example, part of the status message described above.
  • the clock update message includes the IoT device identifier 34.
  • in a step S51, the clock update message is transmitted, from the IoT device 1, to the mobile communication device 2, where it is received in a step S52.
  • the processor 10 is configured to store, in the memory 12, a time-stamp from the clock indicating the time-point at which the clock update message was transmitted.
  • in a step S53, the clock update message is forwarded, by the mobile communication device 2, to the remote computer system 3, via the communication network 8.
  • the remote computer system 3 receives the clock update message.
  • in a step S55, the remote computer system 3 generates a clock update instruction which includes a current time-stamp of the remote computer system 3, in particular of a clock of the remote computer system 3. Depending on the embodiment, the remote computer system 3 generates the clock update instruction using a current time received from an external time server.
  • the remote computer system 3 digitally signs the clock update instruction such that the IoT device 1 can verify the legitimacy of the clock update instruction.
  • the remote computer system 3 uses one or more cryptographic keys to digitally sign the clock update instruction.
  • a digital signature is included in the clock update instruction.
  • the digital signature may indicate the particular IoT device 1 as the intended recipient.
  • the cryptographic keys used may, for example, include a private key of the remote computer system 3 and/or a public key of the IoT device 1.
  • the clock update instruction is transmitted, from the remote computer system 3 to the mobile communication device 2, via the communication network 8.
  • the mobile communication device 2 receives the clock update instruction.
  • in a step S58, the mobile communication device 2 forwards the clock update instruction via short range communication to the IoT device 1.
  • the IoT device 1 receives the clock update instruction.
  • the IoT device 1 compares the current time, as indicated by its clock, with the stored time-stamp which indicates the time-point at which the clock update message was transmitted. If the difference between the current time and the stored time-point does not exceed a pre-defined period, for example less than 20 seconds, less than 10 seconds, or less than 5 seconds, then the clock update instruction is accepted. This ensures that the clock update instruction was received promptly and without undue delay, such that the clock update instruction reflects, to within a degree of accuracy as defined by the pre-defined period, the actual time as determined by the remote computer system 3.
  • it is necessary for the mobile communication device 2 to simultaneously be in communicative range with, and connected to, the IoT device 1, and also connected to the remote computer system 3 via the communication network 8, for at least some of the steps illustrated in Figure 12.
  • the IoT device 1 verifies the digital signature included in the clock update instruction, thereby verifying the legitimacy of the clock update instruction.
  • the IoT device 1 uses one or more cryptographic keys to verify that the clock update instruction was signed by the remote computer system 3. Additionally, it may be verified that the clock update instruction was intended for the particular IoT device 1.
  • the cryptographic keys used include, for example, a public key of the remote computer system 3 and/or a private key of the IoT device 1 stored in the memory 12.
  • the IoT device 1 reconfigures the clock using the clock update instruction.
  • the processor 10 of the IoT device 1 updates its internal clock using the current time-stamp of the remote computer system 3 contained in the clock update instruction.
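The clock update exchange of Figure 12, as an added Python example written for this page; it is not code from the patent or from LEGIC. The device stores its clock reading when the clock update message leaves; when the signed clock update instruction returns through the mobile relay, the device first checks that its own clock has advanced by no more than the pre-defined period, then verifies the signature and the intended recipient, and only then sets its clock, consuming the stored time-stamp so the same instruction cannot be applied twice. An HMAC under a constructed key stands in for the asymmetric signature of the remote computer system; the device identifiers, clock values and the 10 second bound are constructed for the example.

```python
"""Signed clock update with a round-trip freshness bound (Figure 12).

Added example, not code from the patent or from LEGIC. An HMAC stands in
for the asymmetric signature of the remote computer system; the key,
identifiers, clock values and the 10 s bound are constructed for the example.
"""
import hashlib
import hmac
import json

REMOTE_SIGN_KEY = b"remote-system-3-signing-key"  # constructed; the device would hold a public key
MAX_ROUND_TRIP_S = 10.0   # pre-defined period; the patent names 20, 10 or 5 seconds as examples


def _sign(body: bytes) -> bytes:
    return body + b"|" + hmac.new(REMOTE_SIGN_KEY, body, hashlib.sha256).hexdigest().encode()


class IoTDevice:
    def __init__(self, device_id: str, clock_seconds: float) -> None:
        self.device_id = device_id
        self.clock = clock_seconds   # simulated internal clock, in seconds
        self.sent_at = None          # time-stamp stored when the clock update message left

    def tick(self, seconds: float) -> None:
        self.clock += seconds

    def make_clock_update_message(self) -> bytes:
        self.sent_at = self.clock
        return json.dumps({"type": "clock_update", "device_id": self.device_id}).encode()

    def apply_clock_update(self, instruction: bytes) -> bool:
        # 1. Freshness: reject if the round trip through the relay took too long.
        if self.sent_at is None or self.clock - self.sent_at > MAX_ROUND_TRIP_S:
            return False
        # 2. Legitimacy: the signature must verify and the instruction must name this device.
        body, _, tag = instruction.rpartition(b"|")
        expected = hmac.new(REMOTE_SIGN_KEY, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return False
        data = json.loads(body)
        if data.get("recipient") != self.device_id:
            return False
        # 3. Reconfigure the clock and consume the stored time-stamp (no replay).
        self.clock = float(data["timestamp"])
        self.sent_at = None
        return True


class RemoteComputerSystem:
    def __init__(self, true_time: float) -> None:
        self.true_time = true_time   # from its own clock or an external time server

    def handle_clock_update_message(self, raw: bytes) -> bytes:
        device_id = json.loads(raw)["device_id"]
        body = json.dumps({"recipient": device_id, "timestamp": self.true_time},
                          sort_keys=True).encode()
        return _sign(body)


def run_clock_update(delay_s: float, tamper: bool = False, wrong_recipient: bool = False) -> dict:
    """Constructed scenario: the device clock is 300 s behind the remote system."""
    dev = IoTDevice("iot-1", clock_seconds=1_000_000.0)
    remote = RemoteComputerSystem(true_time=1_000_300.0)
    msg = dev.make_clock_update_message()
    if wrong_recipient:   # instruction signed for a different device
        msg = json.dumps({"type": "clock_update", "device_id": "iot-2"}).encode()
    instr = remote.handle_clock_update_message(msg)
    if tamper:            # relay alters the time-stamp after signing
        instr = instr.replace(b"1000300.0", b"9000300.0")
    dev.tick(delay_s)     # time the relay took to return the instruction
    accepted = dev.apply_clock_update(instr)
    replayed = dev.apply_clock_update(instr)
    return {"accepted": accepted, "clock": dev.clock, "replay_accepted": replayed}
```

`run_clock_update(3.0)` shows the clock jumping forward to the remote time-stamp; a 30 second relay delay, a modified time-stamp or an instruction signed for another device each leave the clock untouched, and a second delivery of an already accepted instruction is ignored. The freshness check runs before the signature check on purpose: it is cheap and bounds how stale an otherwise valid instruction can be.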

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to an IoT device (1), a remote computer system (3) and a method of communication between the IoT device (1) and the remote computer system (3), the method comprising generating, in the remote computer system (3), for the IoT device (1), an update data package divided into a plurality of update package parts, transmitting the update data package to a mobile communication device, and transmitting, from the mobile communication device to the IoT device (1), the required update package parts.
PCT/EP2023/067279 2022-07-01 2023-06-26 Procédé et dispositifs de communication entre un dispositif de l'internet des objets et un système informatique distant WO2024002952A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CH7952022 2022-07-01
CHCH000795/2022 2022-07-01

Publications (1)

Publication Number Publication Date
WO2024002952A1 true WO2024002952A1 (fr) 2024-01-04

Family

ID=82558145

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2023/067279 WO2024002952A1 (fr) 2022-07-01 2023-06-26 Procédé et dispositifs de communication entre un dispositif de l'internet des objets et un système informatique distant

Country Status (1)

Country Link
WO (1) WO2024002952A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117640700A (zh) * 2024-01-18 2024-03-01 深圳市宏大联合实业有限公司 一种数字孪生方法、系统以及第一节点

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160294614A1 (en) * 2014-07-07 2016-10-06 Symphony Teleca Corporation Remote Embedded Device Update Platform Apparatuses, Methods and Systems
US20190094827A1 (en) * 2017-09-27 2019-03-28 Johnson Controls Technology Company Building management system with integration of data into smart entities
EP3637736A1 (fr) 2018-10-09 2020-04-15 Legic Identsystems AG Procédé et dispositifs de communication entre un dispositif de l'internet des objets et un système informatique à distance

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
GEHRMANN CHRISTIAN ET AL: "A Digital Twin Based Industrial Automation and Control System Security Architecture", IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, IEEE SERVICE CENTER, NEW YORK, NY, US, vol. 16, no. 1, 2 September 2019 (2019-09-02), pages 669 - 680, XP011766593, ISSN: 1551-3203, [retrieved on 20200107], DOI: 10.1109/TII.2019.2938885 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117640700A (zh) * 2024-01-18 2024-03-01 深圳市宏大联合实业有限公司 一种数字孪生方法、系统以及第一节点
CN117640700B (zh) * 2024-01-18 2024-04-30 深圳市宏大联合实业有限公司 一种数字孪生方法、系统以及第一节点

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23736024

Country of ref document: EP

Kind code of ref document: A1